/*
 * Copyright (c) 2020 - present, Inspur Genersoft Co., Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

package io.iec.edp.caf.security.config;

import io.iec.edp.caf.commons.utils.StringUtils;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/**
 * 与CAF-Security中的配置冲突，暂时废弃此方式
 *
 * @author wangyandong
 */
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
@EnableConfigurationProperties({
        WebSecurityConfigurationProperties.class
})
@Order(Ordered.LOWEST_PRECEDENCE)
//@EnableConfigurationProperties
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final String Policy_Directives = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self'; style-src 'self' 'unsafe-inline';";
    private WebSecurityConfigurationProperties properties;

    public WebSecurityConfig(WebSecurityConfigurationProperties properties) {
        super();
        this.properties = properties;
    }

//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        String contentSecurityPolicy = Policy_Directives;
//        if (properties != null && !StringUtils.isEmpty(properties.getContentSecurityPolicy())) {
//            contentSecurityPolicy = properties.getContentSecurityPolicy();
//        }
//
//        http.headers()
//                .contentSecurityPolicy(contentSecurityPolicy);
//
//        // 任何跨域
//        //http.headers().frameOptions().disable();
//        // 同源跨域
//        http.headers().frameOptions().sameOrigin();
//        //.reportOnly();
////        http.csrf().disable()
////                .authorizeRequests()
////                .anyRequest().permitAll()
////                .and().logout().permitAll();
//
//        //http.cors().configurationSource(corsConfigurationSource());
//    }

//    //配置跨域访问资源
//    private CorsConfigurationSource corsConfigurationSource() {
//        CorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//        CorsConfiguration corsConfiguration = new CorsConfiguration();
//        // 同源配置*表示任何请求都视为同源;若需指定ip和端口可以改为如“localhost:8080”多个以","分隔
//        corsConfiguration.addAllowedOrigin("*");
//        // header,允许哪些header;本案中使用的是token;此处可将*替换为token
//        corsConfiguration.addAllowedHeader("*");
//        // 允许的请求方法&#xff0c;PSOT、GET等
//        corsConfiguration.addAllowedMethod("*");
//        // 配置允许跨域访问的url
//        ((UrlBasedCorsConfigurationSource) source).registerCorsConfiguration("/**", corsConfiguration);
//        return source;
//    }
}
